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(57) A decoder 12 in particular for a digitai televistcyi 
system and adapted to receive a transport packet 
stream containing talkie or section data encapsuSatad 
within the packet paytoads. The decode is character- 
ised in conprising a means 80 for filtering tat)ie or sec- 
tion data Gonftgur^e in response to fitter data received 
from a portable security module 30 such as a smart 
card. 

The invention equally extends to a portable security 
mockile 30 inducing a memory hokfing such data as is 



necessary to o^Tfigure the table or section later 80. aid 
a m^hod lor i^ooessing a transport packet stream 
including encapsuterted table and section data using 
such a decoder 12 2Bid seour^ module 30. 

^ a preferred entxxfimern. the fiter 80 is adspled 
to fater out oonditbnal access messages in response to 
the table or sec^on filter data received from deportable 
security tnotkAe 30, ttiese messages b&ng thereafter 
fonwarded to tie security module fcx processing. 



GO 



Fig.4. 



^ 








.„. ., -v 


TABLE ID 


SECTION 
SYNTAX 
INDICATOR 


pravATE 

INDICATOR 




PRIVATE 
SECTION 
13IGTH 


8 


1 


1 


2 


12 



N PRiVATE DATA BYTES 



61 



TABLED 
EXTENSION 



VERSION 
NUMBER 



CURRENT 

NEXT 
tNDtCATOR 



G2 



SECT«>N 
NUMBER 



LAST 
SECTION 
NUMBER 



N 

PRIVATE 
DATA 



CRC 



32 
64 



o. 

UJ 



Pnntofi by XsroK (UK) Business SeMoes 
2.1S.7/3.6 



EP0964572A1 



Description 

[0001 ] The present invention relates to a decoder and security module for a distal transrrasston syston and method 
of operating a decoder and security modiJe. In partiCLilar for ise in a digital television sy^em. 
5 [tmZl Conventional dignal television broadcast systems transn^ data in t^ 

or transport pacMs, each packet t>eing of a predetern^ned length and oonlatnir^ a header and a ps^load. The MPEG 
standaid is the a^ently favoured standard In this domain and sets out amongst other things, a predetermined format 
for such pack^. 

[0003] The packet header conprises genial descriptive data regarcfing the packet whilst the payload comprises the 
10 data to be processed at the r^ver. The packet header indudes at l^st a pactet ID or PID identifying the pack^. The 
payfoad of the packet may contain audia ^ndeo or other data such as application data or. in particular, conditional 
access system data. 

[0004] Corrventionally, the incoming data stream is filtered by a receiver/decoder according fo the PID of each packet 
Oata requiring immediate processing such as audio or visual data is corrBnunk:ated to an appropriate processor in the 
IS formdwhatiscoriventiormlly known a packetised elementary stream or PES. This 

formed by assernbting the payfoads of the transport packets, itself corrprises each PES packet 

comprl^g a packet head^ and paylo^. 

[00Q6] Other data not requiring tmmedate processing may also be encapsulated wittwi the payloads of the ^mnsport 
packets. Mike PES data. whk:h is treated onmediately by a processor to generate a resd time output this sort of data 
20 is t^»calfy processed in an asynchronous manner by the decoder processor, in this case, data is fonnatted in a single 
table or a series of sections or t^es, eac*i inducfing a heater ard a payfoai. the head^-of thesecfion ortdWe bdud- 
ir^atakdelOcvTID. 

[0006] In the case wh^e the access to a transnvssion is to be restncted. for exanpie, cnapayTVsystem, conditionai 
access data may be inckgted in a tefale or section broadcast in the trafis^ 
25 tional access data is filtered by the receiver/deooder and passed to a portable securi^ modi^» such as smart card, 
inserted In the decoder. The data is th^ processed t)y the smart caid in ofder to geneiHte, for example, a control wofd 
^Jbsequently used by the decoder to descrarrt^le a transnrossior 

[0007] One proUem with known systems lies in tfie votume of date that will t>e reo^ved and processed by the 
receiver/decoder and notably the volume of conditfonal access messages eventual^ ibrwanded to the smart caid or 
30 security module. In particular, the processing c^pabaities of a smart card processor ttidth^ 
catfon channd between the decoder and srrert card may be insulficiertt to han^ 

problem is exacerbated by the inaeasing tendency for programrnes to be transnvtted with nmd^ concfilional access 

rnessages ending acc^ by drfferent operators to the same programme (eg. a 

channd). 

35 [0008] According to the present inventfon, there is provided a decoder for a c^taltrari^^ 

receive a transpol packet ^ream containing table, sectfon or other pack^ised data encapsulated within ttie packed pay- 
loads and characterised in that the decoder con^prises a means for filtering ttie encapsulated data configurable m 
response to fitor data received from a portable security modula 

[0009] Filte-ing data at the taWe or section level in response to information from the security module enaWes a more 
40 precise tderrtifk^ation and selection of data to be earned out, for example, to extract relevant conditional access m^- 
sages ackf ressed to the module, in prac^ce. and as will be described t>6low. this fttervig at the tatAe or sectfon level 
be canried out after and in addition to a flitting carried out at the transport packet iev^. 

[0010] Preferably, the means for fift^ing aicapsulated data is configursfole in response to fitter data ocmprising aSt 
least a table ID or section ID value tiansmitted by the portable security modu^ The means for fitering encapsulated 

45 data may equally be oonf igurabie in accordance with other data received from the portable security mocfole. 

[001 1] In a preferred embodiment, the means ftr filtering encapsulated data is further adapted to forward to the secu- 
rity module conditfonal access da^ obtained in accordance with the filter data received frc»n the security module. 
[0012] W^Hlst the present inventfon is partfoularly adapted to enat^e a reducton of the volume of conditfonal access 
messages comrmmicated between the decoder and the module, it w3i be nev^lheless appreciated that the encapsu- 

so lated data may be configured by the seo^ty module to extract data other tfmn conc^ional access data and having a 
destinatfon other tfm the seciRlty module. 

[001 3] Conditional access data filtered and forwarded to the security module may oonprise entitlement control mes- 
sages (ECMs) and/or entillemenl manag^ent message (EMMs), 

[0014] Even witNn a group of messages associated with a single conditional access system there may be a large 
55 nunfoer of messages inelevant to a particular user within that system. For example, within a sng^e conditfonal access 
system a nunfoer of different ^oups users may be defined leading to the generatfon of a number of EMMs. not all of 
which may be relevant to a given user. 

[OOiq Preferably therelore. fdter data provided by the security module comprises data used by the filter means to 
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extract gr(H4> and/or incfivtdual entitiement management messages addressed to (he security modude 
[(Xriei In one embodiment, the decoder is adapted to receive a control wool generated by the security module In 
response to the conditional access data foHMarded thereto the 0^ 
a scrambled transn^ssion. 
5 [0017] In addition to a fittering at the table or section levd. the decoder 

in order, for example, to extract only these packets comprising data associated with the particubr oonditiona) access 
system used by the secuity modiJe. PreteraUy. thereftvetftedecoda'tjrther comprises a means for filtering trarsport 
packet data conl^uraWe in response to data received from the security nxxlule. 

[001 8] Advantageously, the nreans for fdtering transport packet data may be oonfigiflable in response to repre- 

10 senting the identity of the conditional access system received from the security moduSa 

[001 9] In one entodiment the transport packet f Htering means is aOapM to extract transport packets contaorvng a 
program map table and a concfitional access table, the decoder further oomprteing selectfon nneans adapted to receive 
the pro^m map table arKf conditional access ^e from the transport packet fnering means and cond'itlwial access 
identity data fo:>m the security module and thereaft^ configiffe the transpcHi packet f Stering means to extr^ trar^port 

75 packet data associated with the cOTditional access sy^em In questioi. 

[0020] bi Older to preserve security in the system, sane or all oonvnunicalfons t>elween ttie security module and the 
decode may be encrypted. In particular, the desaarr^ing control word generated by the security modide and eventu- 
ally transmitted to the decoder meiy be encrypted, 

[0021] The present Hiventk}n has be&idescrit>edatx]ve in r^ation to a decoder. Oth^ 
20 to a method of filtering encapsu^ed data in a transport packet stream and a security modute for use witfi a decoder or 
method of the present invention. In one emboc&nent, the security modide may conv^'^ntfy comprise a smart card. 
[0022] V^lst the present invention may aii^ly to any packet tiarismissksnsy^ 

and a table or section layer, the present invention is particularly apptolble to a decoder adapted to receive an MPEG 
oorrpatSste data stream. 

26 [0023] In this regard, the term laUe. section or other packetised data' refers In its broadest s&Tse to any data table, 
afone a in a sequence, and comprising a header and payfoad and that is itself m:apsulated within a transport packet 
stream- As wfll be descrfoed in ttie preferred embocfimwrt. the preswit inventfon is partiodarty c^jpltcabie to fit^kig of 
data contained within an MPEG table, notably a single MPEG short form table Om& entx)dimenis are neMerttieless 
conceivable, for example, in which mering is canned out on PES pacMsericapeirialedwithm^ 

30 loads. 

[0024] In the context of this application, the term MPEQreiers to the data trgnnmissfonstandaidsdetfe^^ 
Int^natior^l Standards Organisation working group "Motion Pk:tures Etpett Gsoup" and in particular buA not exdu- 
sivety the MPEG>2 standard devefoped for digital tdeviston appfoations aid s^ out oi ttie documents IS0 1 381 8-1 . ISO 
13818-2. ISO 13818-3 and ISO 13818-4. In the context of the presempatent^spfoatoi, the tennis 
ss variants, modifications or developments of MPEG fonnats apf^cable to the field of (£gitad data transntissioa 

[0025] As used hereia the term 'smart card^ includes, but not exdusiv^ so, any chip4»sed caid devfoe, or ot^ 
of sirralar function and performance, possessing, for example, mtoropr o cessor and/or memory storage. Included in tt^ 
term are devices having altemative physical forms to a card, for example k^-^icped devices such as are often used 
in TV decoder systems. 

40 [0026] The temri '^decoder" or Veceiver/decod^* used her^ m^ connote a receiver for receiving either encoded or 
non-encoded signals, for sxanple. television and/or raSo signals, which may be broadcast or transmitted t>y some 
other means. Embodiments of such receiver/decoders may include a decoder ritegial with the receiver for deoocfing the 
received signals, for example, in a "set-top box", a decoder f u nctioni ng in c omb ina tion with a physically separate 
receiver, as well as a decoder including additional f unc^fons, such a web browser or inleg iai ed with a video recorder 

45 or a televi^on. 

[0027] As used heran, the term "digital transnr^sion system" includes any transn^on system for t^nsmitting or 
t^'oadcasting digital data, for example primarily audiovisual or multimedia digital data WhHst tiie present invention is 
partioilariy applicable to a broadcast digital televisfon system, the invention may also be apii^teable to a fixed teiecom- 
munfoations networit for multimedia internet applications, to a cfosed circuit television, and so on. 
50 [0028] As used herein, the term "digfal television system" includes for example any satelfite, ten-estrial, catUB and 
otiw system. 

[0029] There will now be described, by way of examj^e only, a pretended enfoodiment of the invention, with reference 
to the folk>wing f ^ures, in wNch: 

ss Figure 1 shows the overall architecture of a cfigitai TV system according to this embodiment: 

Figure 2 shows the architecture of the conditional access system of Figure 1 ; 
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Figure 3 shows the hierarchy of MPEG-2 packets, in particular those associated with oorKlltional access messages: 

Figure 4 shews the structure of long form and short form MPEG>2 private sections; 

5 Rgure 5 shews the elements Of a receiverAtecoder for use in tNsentofinien^ 

Fi^re 6 shews the elements of the receiverAjeooder used to process the transport stream, in partictdar in relation 
to conditional access messages: and 

10 Figure 7 shows the structure of the RIO and section filters of the filter unit of Rg. 6. 

[0030] An overview of a di^ tdevision troadcast and reckon system 1 is shnwn in F^e 1. The Invention 
Includes a mostly conventlonai coital tele/iston system 2 which uses the MPEG-2 compression system to transmit 
compressed digital signals. In more deta^. MPEG-2 conpressor 3 in a t)roadcast centre receives a digital signal stream 
15 (fw example a stream of audio or video Agnate). The oorr^yessor 3 is oorwiected to a rmA^exer and scrambler 4 
Ikik^e 5. The rruttiplexer 4 receives a plurality of firther input signals, assembles one or more transport streams and 
transmits conpressed digital stg nals to a transnvtter 6 of the t)roadcast centre via finkage 7« which can of course take 
a wide variety of farms Induding telecom links. 

{0031] The transmitter 6 transmits dectromagnetic signals via ipltnk 8 towards a satellite transponder 9, where ttiey 
20 are electrordcally processed mi t)roadcast via a national downlink 10 to eartfi receive 1 1 . conventionally in the form 
of a c6sh owned or rented by the end user. The signals rec^ved by receiver 11 are transnmted to an integrated 
receiver/decodei' 12 owned or rented by tfie end user and connected to ftie end user's television set 13. The 
receiver/decoder 1 2 decodes the compressed MPEQ-2 signal into a television signal for the television set 13. 
[0032] A concitional access system 20 is connected to me multiplexer 4 and the reoei^ 
2s partly ffi the tvoadcast centre and partly in the decoder, ft enaties tie end user to access distal televisfonbroedca^ 
from one or nme broadcast suppfiers. A sniarlcard. capabfo of decryplBi^ 

is, one or several television programmes sold the (broadcast supplier), can be inserted into the receiv^Afeooder 12. 
Using ^e decode 12 and smartcard. the end user may purctese events in ether a subscrt^^ion modte or a pay^per- 
viewnrode. 

30 10033] An int^acSve system 17. also connected to the multiplexer 4 arid the reoeiveri^^ 
partly m the broadcast centre and partiy in the decoder, mey t>e provided Id enaU 
appfications via a modemmed back channel 16. 

[0034] The conditional access system 20 win now be descrfoed in more detai. 

[0035] With reter^ice to F^ure 2. in overview the condition^ access system 20 inc^ides a Sut>scrt)erAu!tKviz^k^ 
35 System (SAS) 21. The SAS 21 is connected to one or more Subscrft}erManagememSy^i«(SI^ 

each broadcast supper, by a respecHve TCP-IP linkage 23 (although oth^ types of Inikage caid alternatively be 
used). Alternatively, one SMS coukJ be shared between two txoadcast supF^iers. or one supplier oHild use two SMSs. 
and soon. 

[0036] Rrst encrypting units in the form of ciphering units 24 utilising "mother smartcards 25 are connected to the 
40 SAS iTy linkage 26. Second enaypting units again in the form of cpto-hg units 27 utiRsing mother smartcards 28 are 
connected to the muftif^exBr 4 by linkage 29. The receiverAlecod«' 12 receives a "daught^ smartcard 30, It is cotk 
nected cfirectly to the SAS 21 by Communications Servers 31 via the modenmied back ctoinel 16. The SAS s«ids, 
amongst oKh&c things, subscription rights to the dai^ht^ smarteand on request. 

[0037] The smartcards contain the secrets of one or nme conmerci^ operatois. The "mother smartcsud encrypts 
45 differem kinds of messages and the ^daughter" smartcards decrypt the messages.!^ 

[0038] The f iret and second offering units 24 and 27 comprise a racK an electronic VME card with software stored 
on an EEPROM, up to 20 ^ectronic cards and one smartcard 25 and 28 respectively, for each electronic card, one card 
28 for encrypting the ECMs and one card 25 for encrypting the EMKfe. 

[0039] The operation of the conditional access system 20 of the digital tel&nsion system will now be deserved in more 
so d^il with reference to ttie vaiious components of the television system 2 and the conditfonal access system 20. 

Multiplexer and Scrambler 

[0040] With reference to Figures 1 and 2. in the broadcset centre, the digital audio or video signal is first compressed 
55 (or bit rate reduced), using the |y4PEG-2 compressor 3. This compressed signal is then transrr^ed to the multiplexer 
and scrambler 4 via the link^e 5 in order to be multiplexed with other data, such as other compressed data. 
[0041] The scrambler generates a control word used in the scrambling process and Included In the MPEG-2 stream 
In the multplexer. The control word Is generated internally and enables the end user's integrated receiverAieooder 12 
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to descramble the programme. 

I0042J Access aiteria. Indica^ng how ihe prograimie ^ commercialised, are afeo added to the MPEG-2 strata The 
programme m^ be canmefcialised In either one of a number of "sitecr^ation" modes and/or one of a number of *PBy 
Per View'' (PPV) modes or events. lnthesi4>scr^onmode,theendi«ersub8Cfi>estooneormoreoonf^ 
5 or lx>uquets^ thus g etti ng the rights to watch every channel Inside those bouquets, tn the preferred entxxliment vp to 
960 commercial offers may be selected from a bouc^^ of channels. 
[0043] InthePiay Pe^X^ew mode, the end user tepro>nded with the capabSity to pu 

can be achieved by either pre-booWng the event in advance ("pre-book mode^, or by purchasfftg the evert as soon as 
it is broadcast ("impulse mode"). In theprefened embodiment, afl users are subscribers, whether or not they watch in 
70 subscriptbn or PPV mode, but of course PPV ^Aewers need not necessarily be sitecribefs. 

EntltlwnCTt Corrtrrt Messages 

[0044] Both the control vwxd and the access criteria are used to buikJ an Entttem^ Control Message (ECM). This 
IS is a message sent in relation with a scrambled program; the message contains a control word (wHch allows for the 
desaambling of the program) and the access arteria of the broadcast program. The access criteria and oortrol word 
are transmitted to the second encrypting urat 27 via the Ikikage 29. In this unit an ECM Is generated, encrypted aid 
transnvtted on to the multiplexer and scraiTiiler 4. During a broadcast transmission, the control word typicaBy changes 
every few seconds, and 80 ECfife are also periodicaiiy transniitted to ena^ 
20 bled For redundan<y purposes, each ECM typkallyindudes two control word^ 
control word. 

[0045] Each service bro£Kjcast by a broadcast supplier in a data ^eam comprises a nunrto of dislinct o on ponente; 
for exanpie a television programme includes a video component an audio conponent a sub-title conponent and so 
on. Each of these components of a service is individually scrBnrt)ted and enoopted for subsequent b^^ 
2S transponder 9. in respect cA each scrambled oonrponent of the service, a separate ECM is rec^lred. Alternatively, a sin- 
gle ECM may be required for all of the scrambled components of a service. Multiple ECMs are also generated In the 
case where nudtiple conditional access systems oonlrd access ^ 

Procramme Transmission 

30 

[0046] The nmitiplexer 4 receives electrical signals compri sc ig encrypted EMMs from the SAS 21 . encrypted ECMs 
from the second encrypting unit 27 and compressed prograrr^nes from the compressor 3. TTie mtdt^exer 4 scrambles 
the progranvTies and s^ids me scran^ed pn^grarmies, the ericrypt^ 

6 of the troactest centre via the 6nKage 7. The trEBismittBr 6 transmits ^ecboms^nefic signals fowaids the sateite 
35 transponder 9 via i^mk 8. 

Programme Reception 

((KMT] The satellite transponder 9 receives and processes the electrormgnetic signals transmitted by the transmitter 
40 6 and transrrBts the signals on to the earth receiver 11. conventionalty In tfieform of a <fish owned or r^ed by the erxi 
user, via downlink 10. The signals received by receiver 1 1 are transmitted to the integrated receiverAjecoder 12 owned 
or rented by the end user and connected to the end us&'s teierisfon set 13. The receiverAjecoder 12 demultiplexes the 
signals to obtain scrarrtsled programmes with erK^rypted EMMs and encrypted ECMs. 

[0048] If the programme is not scrambled, that Is, no ECM has been transmitted with the MPEG'2 stream, the 
45 receiverAlecoder 1 2 decompresses the data and transforms the signal into a video signal for transmissfon to television 

set 13. 

[0049] If the programme is scrambled, the receiver/decoda- 12 extracts the oonresponding ECM fr<»n the MPEQ-2 
stream and passes the ECM to the "daughter smartcard 30 of the end user. This stots into a housing in the 
receiver/decoder 12. The daughter smartcard 30 controls whether the «id user has the right to decrypt the ECM and 
so to access the pro^mme. If not. a negative status Is passed to the receiverAdecoder 12 to indicate that the programme 
cannot be descrarrt)led. If the end user does have the rights, the ECM is decrypted arxl the control word extracted. The 
decoda' 12 can then descramble frie programme using this control word. The MPEG-2 stream is decompressed and 
translated Into a vfoeo signal for onward transmission to television set 13. 

ss Entitlement Maiwaement Messac^ f EMMs^ 

[0050] The EMM is a message dedicated to an indivicfoal end user (subscrfoer). or a group of end users. Each ^oup 
m^ contain a given number of end users. This organ^^n as a group mms at optimising the bandwklth; that is. 
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access to one group can pa^mit the reachir^ of a great number of end users. 

lOOS-i 1 various spectfic types of EMM can be used. Individual EMMs are dedk^ated to individual sulsscrbers. and are 
typically used in the prcvteion of Pay Per View services: these contain the grojp identffier and ttie position of the sub- 
scriber in that group. 

5 (0052] Group subsaiption EMMs are dedicated to groups of, say. 256 individual users, and are t^cally used ffi the 
adnr^nistration of some subscripfion serwicesL This EMM has a group ident^ier and a sutecrters' group kMtmap. 
[0053] Audience EMMs are dedicated to entire audiences, and mi^ for example be used by a partioiar operator to 
provide certain free services. An "audience" is the totaBty of subscribers having smartcaids which bear the same con- 
ditionaJ access system identifier (CA ID). Finally, a "unique* EMM is addressed to the unique identifiw of the smarlcard. 

10 

Subscriber Manapement System (SMS) 

[0054] A Subscriber Management System (SMS) 22 indudes a datat)ase 32 which manages, amongst others, aH of 
the end user files, commercial offers, subscnptions, PPV details, and data regarcfing end user coisumption and author- 
75 ization. The SMS may be pf^cally remote from the SAS. 

[0055] Each ^S 22 transmits nriessages to the SAS 21 via respective lirtege 23 wfQchtnplymodff^ 
ations of Enticement Management Messages (B^Ms) \o be transn^ed to end users. 

[0056] The SMS 22 {^transnvts messages to the SAS 21 whk:h onply no rnoG^ications or aeatlons of EMMS b^ 
imply onHy a change on an end users state (relating to the authorization granted to the end user when ordering products 
20 or to the amount that the end user v^'lt be charged). 

The SAS 21 sends messages (typically requesting information such as calHtsack information or btHing informa- 
tion) to the SMS 22, so that rtwiQI^e apparent that oonnmunicalfonbehNeen the tM 

VX^] The messages generated by the SMS 22 are passed via linkage 23 to the Subscriber AutfiorizaHon System 
(SAS) 21, ^lich in turn generates messages acknowledgn^ receipt of the messages generated by the SK^ 21 and 

passes these cK^knowledgements to the SMS 22. 

[0059] In overview the SAS comprmes a Sut)SGription Cha'ff^ area to ^ve ri^^ la* subscription mode and to renew 
the rights automaticany each month, a Pg^ Per View Chain area to ^ve rights for PPV events, and ai EMM kjecfeorlor 
passing EMMs created l>y the Subscription and PPV clicunareasfo!heniun|ple9aarOTdscranft4er4.an^ 
the MPEG stream with EMMs. If other rights are to t»e grartted« such as 1^ Per 1% (PPF) 
k>»fing computer software fo a user 's Pe'son^ Corrputer. other simto areas are also pnyMed. 
[0060] One fmction of the SAS 21 is to manage the »x:ess r^its to televiskvi prognEunmes. awaiat^as oonvnercial 
offers in subscription mode or sold as PP V events according to liferent modes of com m ercialisation {pie-book mode, 
impirise mode) . The SAS 21 , acoorcfirig to those rights and lo intonmation received from the SMS 22. generates EMMs 
forthesubscrit)er. 

[0061 ] The EMMs are passed to the Ciphering Unit (CU) 24 for ciphering with respect to ttie management and exptoi- 
tation keys. The CU con^etes the signature on the EMM and passes the EMM t>ack to a Message Generator (MG) In 
the SAS 21 , where a head^ is added. The EMMs are passed to a Message Emitter (ME) as oorplete EMMs. The Mes- 
sage Generator determines the broadcast start and stop time and the rate of emission aH the EMMs. and passes these 
as {^opriate directions along with the EMMs to the Message Emitter. The MG only generates a given EMM once; it 
IS the ME which performs cycKc transmission of the ^Ms. 

[q062] Ongenerationof ai EMM. the MG assigns a unique ideitifier to the Eim. When ^ 
the ME. it also passes tf^ EMM ID. TNs enable identification of a particdar EMM at both the MG and the ME 
[0063] In systems such as simulcrypt which are adapted to handle multiple conditional access systems e.g. associ- 
ated with multiple operators. EMM streams associated with each oonditicvial access system are generated separately 
and mult^)lexed tog^er by the nult^exer 4 prior to transmissit^. 

50 Condftional Access Messages in the Transport Stream 

[0064] The different nature of ECM and EMM message leads to differences vis ^ vis tine mode of transnr^ssion of the 
messages in the MPEG transport stream. ECM messages, wNch carry the cc»itrol words needed to descramtsle a pro- 
gramme are necessarily Onked to the video and audio streams of the progranvne being transmitted. In contrast EMM 
55 messages are general messages txoadcast asynchronously to transmit ri^rts mformation to inc&vidual or groups of 
customers. This cfifference is reflected in the placing of ECM and EMM messages within the MPEG transport stream. 
[0065] As is known. MPEG transport packets are of a fixed l^g^ of 1^ kbytes Including a header. In a standard 
packet the tttree bytes of the header following the synchronisation data comprise: 
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TABLE I 



Transport error irxficalor 


1 bit 


Payioad unH ir^icator 


1 bit 


Transport priortty 


1 bit 


PID 


13 bits 


Transport scrambfing control 


2bit6 


Adaptation field cxKitrd 


2bits 


ContffHiify cojnter 


4bits 



IS 

[0066] The characterisScs of these fields are larg^y d^&mined the MPEG standard. 
[0067] Refening to Rgure 3, the organisation of data within a transport stream wSH be described. As shown, the trans- 
port stream ccKitains a programme association table 40 (TAT^. the PID in the header of the f»cket being fixed the 
MPEG-2 standard at a value of 0x00. The programme access tat)le 40 provkies the errtry point for access to pr<^rani^ 
20 data and contains a tatrfe referring to the PID values of the progra mm e map tables (TMT^ 41, 42 associated wth a 
nun^ of programmes. Eadi programme map table 41 . 42 contains «i turn a reference to the PID values of tie packet 
streams of the audio tables 43 and video tables 44 of that progranvneL 
[0068] As shown, the p i oflr a w w ne map table 42 also contains reter e i^ 

oonlaining£b(&ionaldaiar^atkigtothepfogranmeinci^^ In the present case ECM date g en e rated by a number 
2S of concfiticyial access systems and associated with the pro g r amm e an quesfion is contained within the referred packets 

45. 46. 

[CK)69] In addition to the programme access tatrfe PAT 40, the MPEG transport stream furth^ comprises a corKiitional 
access tatsle 47 fCAT^. the PID value of which is fixed at 0x01 . Any packed headers oonlaming the PID value are tNiS 
automaticaiy idoitified as containing access control information. The CAT taUe 47 refers to the PflO values of MPEG 
30 packets 48. 49. 50 associated with EMM data associated witti or^ or more conditional access systems. As with the 
PMT packets, the PID values of the EMM packets referred to in ttie CAT table are rio^ 
the choice cf the system operator. 

Private ggtfpnpgia 

35 

[0070] fan confcH'mity with the MPEG-2 standard, information contained w^ a packet payfoad is sutsiect to a further 
level of structure according to the type of data t>eing transported. In the case of audio, visual, teletext sut>6tle or other 
such rapidly evolving and synchronised data, the information is assemt)led in the form of what is known as a packetised 
elementary str^m or PES. This data stream, which is formed by assemt)ifng the payloads of the transmitted packets, 
40 itself comprises a sequence of packets, each packet conprising a packet header and payioad. UnlBie the transmitted 
packets in the transport stream, the length of PES packets ^ varial^le. 

[0071 ] In the case of otiier data, such as applicalfon data or. in thus example, ECM and EMM data, a different format 
from PES packeting is proscra^ed. In particular, data contained in the ti anspo rl pewsket paytoad is divided into a series 
of sections or t«^1es. the table or section header including a t£^e ID or TID identifyrig the tal^ in question. Depmimg 
45 on the size of the data a section may be contained entirely within a pack^payfoad or may be extended in a series of 
tables over a nurr^ of transport pack^ In the MPEG-2 context the term "tat)ie" is often used to refer to a single table 
of data, whilst "section" refers to one of a pluratity of tables with the same TID valua 

[0072] As with transport packet data and PES packet data, the data stnjcture of a table or section is additionally 
defined by the MPEG-2 standard. In particular, two possible syntax forms for private table or section data are proposed; 
50 a long form or a short form, as illustrated in Figure 4. 

[0073] In both the short and tongfonrn. the header incfodes at least the data 60 compr'i^^ 



TABLE II 



Table id 


8bits 


Section syntax indicator 


Ibit 
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TABLE ti (continued) 



Private irdicator/reseived 


1 txt 


ISOres^ved 


2t)its 


Section length 


12 bits 



(0074] The private indicator and rxivate section lengtiis are conprised of data notlbced by the MPEGr2 standard shkI 

¥vhich may be used by the system q:>erator tor his own purposes. 
10 [0075] in the case of short form, the header 60 is kmiediately t>Uowved by the payioad data 61 . tn (Tie case of ttie iang 

torm. a further header section 62 Is provided before the payioad 63 and the message equafiy includes a CRC check 

value 64. The long form, which is typicaHy used when a message s so tor^ that it mu^ be cfivided hrtto a mmtber of 

sections, contains the information necessary to assemble the sections, such as the section nunter, the number of the 

last section in the sequence of sections etc. 
75 [0076] For further tnformalion regarding the long and short Ibmitz^ 

stendard. 

[0077] In the case of conditiorral aocess ECM and B^M messs^es. the data msf usually be accomodated In a single 
tcdsle and the short form will be the appropriate fomial. A spedf'^ 
sages is proposed in the context of the present invention, namely: 

20 



TABLE It! 



T^eid(fffterdata} 


8t»ts(1byte} 


Section syntax indicator 


Ibit 


Private indicator/reserved 


Ibft 


ISO rested 


2bits 


Section length 


12bHs 


CA specific header field (filter data) 


56 bits (7 bytes) 



10078] For such CA messages, the taS^e id value may be se4 by the sy^mopeiator at for exa^ 

for ECM messages (for example, odd arx^ even messages) and 0x82 to Qs^F for EMM messages. These values are not 

35 MPEG-2 proscribed and may t^e chosen at the discretion of the ^slem operalor. 

[0079] Ec^alty. in the case of the CA specific header f i^, hereby deagnated gbs the fr^ 7 bytes of the payfoad foU- 
lowing the header, the parameters may t>e set t)y the system operator to ref foct, for example, the fact 1hai the CA mes- 
sage is an EMM message canying individual, group or audience subscription infonnation. k\ this manner the lieader* 
of such a table or section }s extended. 

40 [0080] The advantages of such message syntax will i^ecome dear later, with regard to the processir^ and filtering of 
messages tsy the receiverAdeGoder, notably using the Table id and CA specific field data. 

45 [0081 ] Befenring to Figure 5. the element of a receiver/decoder 1 2 or s^-top tjox for use in a digital txoadcast system 
ard adapted to be used in the presentinvention wifl nowt>edescril>ed. As wffl t>e understood, the fcjasic elements of this 
decoder are largely conventional and their tmpl^entation v^l be whhin tfie capabiiities of one sMIIed in the art 
[0082] As shown, the decoder 12 is equif^ed with several interfeces tor receiwng and transmitting cteta, in particular 
a tuner 70 for rec^vir^ t)foadcast MPEG transnussfons. a serial interface 71 , a par^lel interfoce 72, and a modem 73 

so tor smlmg and receiving data via the telephone network. The decoder also includes a firsl and second smart card 
read^ 74 and 75. the first reader 74 for accepting the $Ld:)Scri(^ smart canj and the second read^ 75 for acceptmg 
bank arxl/or other smart cards. 

[0083] The decoder also includes a receiver 76 for receiving infra-red control signals from a tendset ranole control 
77 and a Peritel oi^ut for sending audiovisual signals to a television 1 3 connected to the decoder. 
55 [OOM] Processing of digital signals received via the interfaces and generatfon of output signals is handled by an 
ensemble of hardware and software elements here grouped together as a central control unit 78. The software archi- 
tecture of the control unit wittun the decoder may con-e^sond to that used in a known decoder aifid wil not be descra>ed 
here in any detail. It may be based, for example, on a virtual macNne Interacting via an kiterface layer with a fower level 
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op&afing system i irptanented i n th e haidware compon ents of the decoder. In ternis of hardware arcrvtecture. the con- 
trol unit 78 wifl be equipped wrth a processor, mei^ 
decode. 

[0085] Applications processed by the contrd unit 78 may be restdemappr^^ 
5 decoder or apf^cations broadcast and downk)aded via the MP^ 

program gude appfications* games, interactive s^ces, teleshopping applicatkms, as well as initia fi n g appficatiors to 
oi^e the decoder to be immedialeiy cperationaJ ^x}n 6tart*i4> arxj appfications for oonf ^uraig a&peds ol the decoder. 
Applications are stored in memory locations in the decode and represented as resoiffce files oompristr^ graphic object 
desaiplions files, unit files, variable block files, instruction sequence files, app fi cations f fles, data files etc. 

[0086] Figure 6 shows in schematic form the denents necessary for processing packet and table data in accordance 
wth this entodiment of the invaition. As wSI be understood, the dements shown in this ftgure may be implemented in 

75 hardware, software or in cwrtxnation of the two. 

(0087] The broadcast trar^nrwssion received from the satellite receiver are passed via the convention^ tuner 70 and 
an associated demodulator unit 79. The tuner 70 typk:aHy scans a range of frequencies, stopping whm a chosen canler 
frequency is detected within that range. The signals are then treated by the denriodulator unit 79 whk:h extract 
wards the transport packet stream to a demux and fitter unit 80. The fitter structure of the denux and fata- unit 80 will 

20 be described in detaD betow in relation to Figure 7. As will t>e imderstood. flie actual choice of corrponents needed to 
irnplerTient such a unit is at the discretion of the rnanufactirer and the most ir^ 
filter configuatbn. 

[0088] In the case of data oicrypted in accordance wift a conditional access system as ^ 

the fitter unit interacts with a smart card 30 (or any other secu-e device) mserted in the decoder 1 2 and a channel 

26 parameter apptelion 81 . typcally implemented as a software application in the decoder. 

[0089] The f ater unit 80 extracts from the transport packet stream the Pm and CAT tables present in the stream. 
Referring back to Figure 3. this filtermg operation is canied out at a PID level, the CAT table beir^ identified by the PID 
value 0x01 and the appropriate PWT tatrfe corresponding to the chosen broadcast channel being exfracted via the PAT 
table (PID value: 0x00) and the PID value of the chosen channel klentified in ttie fW isMa 

30 [0090] The channel paiameterapplk^tion 81 ad(fitk>naflyrec^^ 

cfitional access system associated with that smart card. Ageon. referring badk to Figiffe 3. afirstoondaionai^xess sys- 
tem is assodated with ECM and Ef^ data in the packets 45 and 46. respec^vely. Using the c on cfifio na l access system 
ID received from the sn«rt card 30 and the PMT and CAT tables rec«v©^ 
mines the PID values of the conoBtk>nal access packets associated with »ie contJ B tio nd 

36 returns these values to the f ater unit 80. 

[0091] Inthecaseofasimprifiedsystem^whereareMvelysn^ neither 
fiHeringm^ be necessary and these PID values ma^ be used by the fitter unft 80 to extract all relevant ECM and Eri^ 
private secttons from the identified packets and to thereafter forward the data contained within tiiese sectfons to the 
smart card 30. 

40 [0092] This conditional access data is then processed by the microprocessor within the smart card 30 and tfie oontrol 
word associated with the transmission passed to a descrant)ling urof 83. ThedescranUiOng unit 83 receives scrambled 
audiovisual or other data information extracted from the transport packet stream tjy the denwx tater unit 80. 
desaambles the infonnafion using the control wcmt andlhereafter passes thedaite to accmvention MPEG-2 cNp whfoh 
prepares the data for subsequent oRsplay on the associated tefoviskxi display. 

45 l(ms\ However, whilst a PID level titer enables an extraction of tfiose ECM and EMM messages associated exclu- 
sively with the conditional access system in questicvi, there may nevertheless be a large f^oporfion of messages in-el- 
evant to the user. These messages may indude group EMM messages for other user groips. individual EMM 
messages for other users ^c. The through|)ut of condhfonal access messages passed to the smart card may therefore 
bevery high. Given the lirriitatioris of the processor power and memory of snriart^ prac- 

50 tfoe more ttian the card can handle. 

[00d4] In order to overcome this problem, the smartcard 30 Is adapted to pass further titer data to the unit 80 for use 
in a section or table level f Ster process, 

[0095] Referring to the Tat^e III at>ove, tables containing conditiona] access data include Table id and CA specific 
head&^ fields whk:h are chosen to identify, for example, the presence of an EMM or ECM (table id values 0x80 or 0x81 
55 and 0x82 to 0x8F. respectively) and the type of message (CA specific data identifying the group concerned by a group 
EMM message, the presence of an audience EMM message etc.). Dependng on the data that it requires, the smart 
card 30 will send the necessary table kJ and CA spedfk; data to cc»ifigure the filter unit to extract and return only those 
conditional access messages of interest to the smart card. In this way. the flow of data sent to the smart card ma^ be 
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reduced to conform with the processing capabilities of the smart card miaoproceseor. 

[009^] Referri ng to Figure 7, the details of the fStering unit 80 wiH be descrbed. Typcally; the uret may be tmplenfiented 
as a hardware resource, driven by a firmware managing application wilh the recew^f6eoc36&. As shown, a set of 
filters 85 carries out a PID filt&ing proc^ using the CA PID information received from the channel parafneta- applica- 
5 tJon. The PID fOters 85 may equally be configured to extract other retevant packets such as the PMT. CAT tables sent to 
the channel parameter application. Other PID filters (not shown) may be used to extract the audiovisual PES pack^ 
information eventually sent to the descrambler etc 

[0097] Once dr^)ped of the padcet header, the private section or table data is then routed to a set of pref ifters 86 
adapted to filter the 8 bytes in the ext^ed header of a ts^e. As shown m Table 111, 1 t^e of the extended header ^ 

10 associated with the t«dble id. 7 bytes with the CAspe(^ic information. T^ 

of the 8 byte pattern in a table with the filter data received frcmi the smail card. Some bits within t^ 
may be masked or ignored In the evaluation. In this eriixxfirnent, 32 different patterris are proposed, a subset of these 
patterns t>eing applied the prefOters in depend&ice of the ir^mation received from the snnart cand. H one pattern 
matches, the sectbn is sent to the FIFO buffer element 87. If no pattern matches, the section is ignored. The filters 86 

IS equally act to extract from the apfxopriate sectbns the PMT and CAT table infonmation, which is passed to a RFO 
buffer88. 

[0098] Due to the characteristics of the transport layer, the arrival d sections is bur^^ 
ers 87. 88 nriust be suff idem to handle an average rate of SMbitsfe, with the inserim 
ular aitocation with a possSsle deviation of ± 25%. 
20 [0099] in order to better understand the invention, a proposed exanple of operating insl n c fion shandted by the sec- 
tion filters 86 wiQ now be outiined. 

Filter^sdijsecUons (FilierJd Target Mask, Trigger_conc^ns, pfn) 

This command retrieves every section matd'^rig the target except masked bits after Ir^gerjoonditions occured. 
25 Fdterjiexljsection (Filler Jd, Target, Masfr, Trf^erjoorKiitions, p/n) 

This oonvnand retrieves the next section matching tiie t^get except masked bits after biggerjconditions occured. 
Triggerjcxxidtions are related to otier fitters previously identified as malcfiir^ 

Fitierjid is an index t)etween 0 arxl 31. pointing to a filter emd an output queue In adcfiton, it 0ves the queuesig 
priority, 0 being tiie highest priority. 
30 Tangef is an 8 bytes pattern. 

Al3S/r is an 8 tTytes pattern showing the bits to be nriaskBd ffi the target. vali» 0 m 

Triggetjcondittons is a 32 bS? bitmap, ORing fifter_id triggering that filter. Bit set at 0 means no trigger condition. 
Self trigger emotion is ignored 

p/n is a value, nomially set to 1. positive for normal operation as descrtt)edatx)va When set to Oft rneansnega^ 
^ filtering, i.e.. retrieve sections os& matctiing target. 

Examples of use: 

Example 1: 

40 

[0100] 

FiltierjalLsections(5. Qx8C7C453AA8BBFFO0. 0XFF557FFFEEFFFFO0. 0. 1) will csfiture all EMMs corresfwidir^ 
To matching criteria. 

45 

Exarnple 2: 
[0101] 

so Rlter_nfixt_Gection(0. 0x8000000000000000. CxFFOOOOOOOOOOOOCX). 0. 1) 
FiIter_next_section(1. 0x8100000000000000. OxFFOOOOOOOOOOOOCX). 5. 1) 
Filt€r_next_section(2. 0x8000000000000000. OxFFOO0OOOOOO<K)O00. 3. 1) 

start an ECM capture process with odd/even toggle. 

55 
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Exanplea: 
[0102] 

Rlter.next.section(8. OxPMTjriD0000Version.nunnbetO00O0000. OxFl=O000lF00000a00. 0. 0) 
Rter_next_section(1. 0x8100000000000000, OxFFOOOOOOOOOOOOOO. 0x14. 1) 
F]lter_nex!_section(2. 0x8000000000000000, OxFFOOOOOOOOOOOOOO. 0x12. 1} 

wi8 start an ECM capture process wHh odd/even toggle, starting wtien there is a change in the PMT. 
[0103] In terms (^Gommuntcation of CA messages and fSter data to and from the smart card 82 and fitter urvt 80. a 
standard protocol such as iS0781 6 may be used. Since not all of the data in the filtered private section is required by 
the smart card 82. the section may be nrxxfified and a message of the foHowing iannai sent to the smart card: 



Table id 


8bits 


Zero 


11 kMts 


Filter id 


Sbfts 


CA specfftc header field 


56tnts 


CA message 


NTS brtB 



[0104] The mearvng of each of these terms will be dear from the above desa^stion. in terms of the filter data sent 
from the smart card 82 to the fiKer 80. the following for^ 



Numt)er of fSters 


Obits 


RItertng instrudion 


5bits 


RIterid 


Sbfts 


Target 


64 bits 


Mask 


64 bits 


Trigger conditions 


Sbits 


p/h 


Ibrt 



Numbecofjifters describes the number of filters to be set in this ffistruction. 

Ftfteringjnstructm is describing the type of mstruction (filter next section, fitter ail sections). 

Fiherjd is an index pointing to a fitter and an output queue. In add%on, it gives the c^jeueing priority. 0 being the 

highest priority. 

Target is the target pattern. 

Mask is a pattern showing the bits to be masked in the target, value 0 means masked. 
Triggerjcond^ions is a t>itmap. ORing fitter Jd triggering that filter. St set at 0 means no trigger concfition. Self trig- 
ger condition is ignored. 

p/n is a value, normally set to 1 . positive tor normal operation as descrit>ed above. When set to 0 it means negative 
filtering, i.e.. retrieve sectk>ns ogt matching taxgeA, 

[01 OS] In practice, oonrvnunicatbns between the smart card and the recaver/deood»' may k>e si^ect to a level of 
encryptk)n or scrambling for sect^ity reasons. In particular, communications between the smart card 82 and filter init 
80. as well as the control word stream sent to the descrambler unH 83 may fc>e encoded in this way. Encryption algo* 
rithms suitable for this purpose are widely known (RSA. DES etc.}. 
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Claims 

1 . A deocxJer adapted to receive a transport packet ^eam avitatning table, section or other packetised data encap- 
sutated witfiin the packet payloads and characterised in that the decoder comprises a means for filtering the encap- 

5 sulated data configurafaie in response to filter data received from a portable security module. 

2. A decoder as daimed in daim 1 in which the means for filtering encapsUated data is oonfigurabie in response to 
fitter data comprising at least a table ID or section ID value transnvtted by the portabte seomty modula 

TO 3. A decoder as claimed in d^dm 1 or 2 in which the means for filtering eicapsulaled data ^ further adapted to fofward 
to the security module conditional access data obtained in accordance with the filter data received from the security 
module. 

4. A decoder as daimed in daim 3 in w^uch conditionat access data fonMarded to the security module comprises enti* 
15 tiennent control nnessages (ECMs) and/or entitlement mar»ganent messages (EMMs). 

5. A decode as claimed in daim 3 or 4 in which filter data provided the securi^ moMe comprises data used t)y 
the f9ter means to extract group and/or individual entitlement mar«gemait nnessages adcfressed to the secuity 
modide. 

20 

6. A decoder as claimed in any of c^ims 3 to 5 in which the decoder is adapted to receive a control word generated 
i>y the security module in respor^ to the oondrticnal access data forwaided thereto, ihe oontrd word t>^ng used 

the decoder to descramble a saamUed transnr^ssion. 

25 7. A decoder as dainned in any prececfingcteiim&rthercompriwg a nneans for filter 
urabie in response to data received from the security nrKXdule. 

8. A decoder as daimed in daim 7. in which the means for filtering transport padket data is oonfiguralsle in response 
to data representing the identity of the concStional access system received from tie seeing modi^ 

30 

9. A decoder as daimed in daim 8 giwttich the transport packet fBteririgmeatfts IS 

cont^ning a program map table and a oorxJitional access table, the deco de r further comprisir^ selection means 
adapted to receive the program map table and conditional access table from the transport packet fHterkig means 
and conditiorral access identity data from the security n^xjuie and there^er confine tietraisport packet filervig 
35 means to extract transport pad^ data associated with the oonditior^ access sys^ question. 

10. A decoder as daimed in any jix^eceding claim adapted to process encrypt and/or decrypt communications to and 
from the portable security nrKxkjte. 

40 1 1. A security modide for use with a decoder as claimed in any preceding daim and charaderised in conprising a 
meirK^ry means for storing filter data subsequently communicated to the decoder to conf^re the means for filter- 
ing encapsulated data. 

12. A security module as daimed in claim 13 comprising a smart card. 

45 

13» A mettiod of processing a transport packet stream corrtaining table, section or other packetised cfetia encapsulated 
witiiin the packet payloads characterised by recdving the trar^port stream in a decoder and filtering the encapsu- 
lated data in response to filter data received from a portable security mockda 

50 14. A metfiod of proces^g a transport packet stream as daimed in daim 1 3 further oorrp-isir^ g^eratir^ encapsu- 
lated data including conditional access data and fOtering at the decoder using the encapsulated data and in 
response to filter data supplied by the portable security modula 
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Fig.3. 
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Fig.5. 
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